Hello,

we are using Clamav as On-Access-Scanner on a Debian Server Landscape
currently containing Debian 8 (to be migrated until the official EOL),
Debian 9 and 10.

Now I have a new VM which refuses to do an On-Access-Scan despite all the
settings being correct. I have other VMs with Debian 10 in which I have no
such problems. Now let's get you some hard facts:

/boot # less config-4.19.0-6-amd64 | grep NOTIFY
CONFIG_FB_NOTIFY=y
CONFIG_FSNOTIFY=y
CONFIG_DNOTIFY=y
CONFIG_INOTIFY_USER=y
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

/etc/clamav/clamd.conf
User root
ScanOnAccess true
OnAccessMountPath /
OnAccessExtraScanning yes
OnAccessPrevention no
VirusEvent /usr/local/bin/virusevent

Now the output from /var/log/clamav.log

Tue Jan 28 15:01:50 2020 -> clamd daemon 0.101.4 (OS: linux-gnu, ARCH: x86_64, CPU: x86_64)
Tue Jan 28 15:01:50 2020 -> Running as user root (UID 0, GID 0)
Tue Jan 28 15:02:32 2020 -> ERROR: ScanOnAccess: fanotify_init failed: Operation not permitted
Tue Jan 28 15:02:32 2020 -> ScanOnAccess: clamd must be started by root

As you can see, Clamav claims to be both: running as root and not as
root. This is the output from ps faux | grep clamd

root      4272 34.5 21.0 1032160 861348 ?      Ssl  15:01   0:38 /usr/sbin/clamd --foreground=true

Why does the problem only appear on that specific machine and not on all
VMs with Debian 10?
How can I fix it?

Yours faithfully
Stefan Schumacher
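
Added example, not part of the original message: fanotify_init(2) returns EPERM when the calling process lacks CAP_SYS_ADMIN, which a UID 0 process does not necessarily hold. This script reads CapEff and CapBnd from a file in /proc/<pid>/status format and reports whether capability 21 (CAP_SYS_ADMIN) is present; the function names and the sample masks are constructed for illustration.

```shell
#!/bin/sh
# Added diagnostic, not from the original post.
CAP_SYS_ADMIN=21   # capability number of CAP_SYS_ADMIN

# Print column $3 (default 2) of field $2 from a /proc/<pid>/status-format file.
status_field() {
    awk -v key="$2:" -v col="${3:-2}" '$1 == key { print $col }' "$1"
}

# Succeed when bit $2 is set in hex mask $1; reject anything that is not hex.
has_cap() {
    case $1 in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# Print a verdict for one status file: ok | dropped | bounded | unreadable.
fanotify_cap_verdict() {
    [ -r "$1" ] || { echo unreadable; return 0; }
    eff=$(status_field "$1" CapEff)
    bnd=$(status_field "$1" CapBnd)
    if has_cap "$eff" "$CAP_SYS_ADMIN"; then
        echo ok          # EPERM from fanotify_init is not explained by capabilities
    elif [ -z "$eff" ] || [ -z "$bnd" ]; then
        echo unreadable
    elif has_cap "$bnd" "$CAP_SYS_ADMIN"; then
        echo dropped     # in the bounding set, missing from the effective set
    else
        echo bounded     # absent from the bounding set as well
    fi
}

# Write a constructed status excerpt (uid, CapEff, CapBnd) and print its path.
make_sample() {
    f=$(mktemp)
    printf 'Name:\tclamd\nUid:\t%s\t%s\t%s\t%s\nCapEff:\t%s\nCapBnd:\t%s\n' \
        "$1" "$1" "$1" "$1" "$2" "$3" > "$f"
    echo "$f"
}

# Constructed samples: both run as UID 0, only the first holds CAP_SYS_ADMIN.
full=$(make_sample 0 0000003fffffffff 0000003fffffffff)
restricted=$(make_sample 0 00000000a80425fb 00000000a80425fb)
for s in "$full" "$restricted"; do
    echo "euid=$(status_field "$s" Uid 3) CAP_SYS_ADMIN=$(fanotify_cap_verdict "$s")"
done
rm -f "$full" "$restricted"
# On a live host: fanotify_cap_verdict "/proc/$(pidof clamd)/status"
```

A verdict of dropped or bounded for a process whose effective UID is 0 matches the pair of log lines above: the daemon is root, yet the kernel refuses fanotify_init.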